Is a Degree in Cyber Security worth it?

Cyber security professionals at the start of their career can expect to have the fastest growing salaries in the UK, according to Robert Half. But many people wanting to go into IT security are still confused as to the career path to take. In this article we’re going to take a look at cyber security degrees and whether they’re the best route into the profession.

is-a-cyber-security-degree-worth-it

The Case for getting a Cyber Security Degree

Let’s make no mistake; cyber security is not an easy field to get into without a degree. Whilst it’s by no means impossible and there are cyber security professionals without one, the odds of landing a solid entry job are stacked considerably more in your favour if you have a relevant degree under your belt.

Of course, experience and industry recognised cyber security certification is also essential, most entry level cyber security jobs will require you to have a relevant degree. A degree in cyber security would obviously qualify you but, so too would degrees in many related fields like forensic computing and computer science.

STEM subjects (Science, Technology, Engineering and Mathematics) are also relevant entry points into the field of cyber security. Although these subjects themselves aren’t directly related to IT and IT security, they do teach students the relevant disciplines such as logical thinking, problem solving, solving equations and mathematical certainty. Many of these are directly applicable to programming, coding and other related fields.

Whilst many will argue that experience and relevant IT certification will trump a degree when it comes to applicable knowledge and practical skill development, the fact is that almost all entry level IT security jobs will require a degree. In this sense a degree in computer science or any STEM subject should be seen as an absolute must.

The Case for getting a Cyber Security Master’s Degree

Of course the educational route needn’t stop at degree level and many universities now offer master’s degrees in cyber security or information security (infosec). The jury seems to be mostly out on this one when it comes to just how useful a master’s degree can be, compared to relevant experience and certification. It really depends on the field you want to go into and what the expectations are. If you have an idea of where you’d like to end up, then it makes sense to find those jobs online and see what the entry requirements are.

There’s quite a lot of forum discussions on this online but this typically impassioned thread from Reddit is pretty illuminating, especially from the point of view of becoming a penetration tester (ethical hacker) .

PostGrad.com has put together a list of the ten best cyber security related masters courses in the UK and Europe, which is well worth checking out. GCHQ in the UK also approves certain post degree courses and CBR have listed their top ten master’s courses here.

Is a Cyber Security Degree more Important than Certification?

Bachelor degrees in cyber security are not an alternative to taking a relevant courses and qualifications in cyber security and shouldn’t be seen as such. It’s extremely important to separate education (GCSEs, A Levels, Degree, Master’s Degree, etc), certification (CISSP, Certified Ethical Hacker, etc) and experience (industry, internships, setting up your own testing environment, etc).

Employers will look at all three areas separately and being educated to degree level will show academic commitment, as much as it will show relevant education in the field. The one area I didn’t mention here are soft skills, which can in part be honed through experience, tutorship and professional development.

What will you learn on a Bachelor’s Degree Course?

Cyber security degrees will focus on the information security aspect of computing, whilst computer science degrees can be tailored to specialise in cyber security related fields. With both you will learn some key principles relating to IT security including:

• The fundamentals of cybercrime, including common methods and motivations
• Digital forensics, what it is and how it can help uncover cyberattacks and trace attackers
• Strategies for protecting information systems and networks
• Use of common programs that can monitor and track cybercrime online
• Common logical mathematics, programming and coding

What you study will depend on the particular course you are taking and any specific modules you opt for within that degree. It pays to have an idea of what you want to do post university so you can tailor your course to the career you most want to pursue.

Post Graduate Job Opportunities

In 2012, US State Department senior advisor Alec Ross said “If any college student asked me what career would most assure 30 years of steady, well-paying employment, I would respond, ‘cybersecurity’.” This was a pertinent comment six years ago and it arguably more pertinent today, especially in the light of a growing IT recruitment crisis.

But knowing what area or field to get into can be difficult at this early stage of your cyber security career. One thing’s for sure and that is that you’ll almost certainly need to aquire some certification or qualifications on your journey. It’s also likely that your employer may well pay for you to do this to fast track your career.

Two jobs that can often represent the first step on the cyber security ladder are Network Security Engineer and Security Administrator, both of which are responsible for the day to day administration of an organisation’s cyber security infrastructure.

For more information on the various roles out there, check out our sister site’s guide to cyber security job salaries in the UK.

For league tables on all UK computer science degrees, check out this site.

A History of Cyber Security Attacks

Nowadays it seems barely a few weeks can go by without another big cybercrime or cyber security story hitting the headlines. The latest has been the discovery of the Spectre and Meltdown flaws inherent in processors going back decades; a revelation that’s rocked the cyber security world.

Of course, cyber security, cyberwarfare and cybercrime aren’t new or recent phenomena. In fact the history of computing also contains its own history of breaches and hacks. We’ve compiled a list of some of the most significant over the last 30 years. We’ll start way back in the 1980’s, in the days before mobile phones and the internet as we know it today.

a history of cyber attacks

The first computer worm (1988)

The first known computer worm was released in 1988 by Cornell University student Robert Tappan Morris, who claimed he had wanted to know how many computers were connected to the internet. The problem occurred when the code encountered a critical error and began replicating itself and began infecting other computers causing them to slow down as it demanded processor time in order to spread itself to other machines. The effect was one of the first denial of service attacks affecting around 6000 UNIX computers. Estimates of the damage range from $10,000 to $10 million dollars in damages.

Morris always maintained that he never intended the code to be malicious but the event nonetheless inspired what have become known today as distributed denial of service (DDoS) attacks.

Hack on the US Defence Department (1999)

Jonathon James hacked the US Defence Department in 1999 after infiltrating the a division of the US Defence department, James had installed a backdoor on a server allowing him to intercept thousands of emails across a number of government departments, some of which contained usernames and passwords. Using this information he then accessed a NASA computer and stole software that controlled the International Space Station’s internal temperature and humidity, costing the agency $41,000 in computer downtime.

James became the first juvenile to be convicted and jailed for cybercrime (he was 15 years old when the attack took place but 16 years old when sentenced). In 2007 he was implicated of hacking to steal credit card information. He denied the accusations but in 2008 took his own life.

The ILOVEYOU worm (2000)

Released in 2000, the ILOVEYOU virus was the most virulent virus ever seen at the time. Unlike the Melissa virus of the previous year, the virus sent copies of itself to every contact on the user’s Windows address book (by comparison, Melissa only contacted the first 500), helping it propagate at an alarming rate.

The worm sent an email with the subject line “ILOVEYOU” and a vbs attachment that looked like an ordinary text file. Once opened this file would activate visual basic script and overwrite various file types including JPG, CSS, DOC, MP2 and MP3 (although the latter file was only hidden). The file originated in the Philippines, which at the time had no laws against writing malware meaning the two perpetrators, Reonel Ramones and Onel de Guzman, were never convicted. The country later passed the E-Commerce law to address this.

By 2002, the ILOVEYOU worm had become the most virulent computer virus of all time.

Stuxnet (2010)

First uncovered in 2010 by Kaspersky Labs, the STUXNET worm was said to have been in development since 2005 and was different from previous worms in that it targeted SCADA control systems which are responsible for the supervisory management of power plants and machinery. Specifically the virus attacked programmable logical controllers (PLCs) which, amongst other things, are responsible for the automation of nuclear centrifuges.

It soon became clear that the virus was a direct cyberattack on Iran’s nuclear programme, thought to have been developed by Israel in conjunction with the Americans. In total, Stuxnet was reported to have ruined close to 20 percent of Iran’s nuclear centrifuges, infecting over 200,000 computers.

Sony Hack (2014)

Another example of the use of cyberattacks being deployed by nation states, the Sony hack saw a huge tranche of confidential data from the Sony Film Studio released by a group calling itself Guardians of Peace. Amongst the files were confidential emails between employees and their families, scripts from unreleased films and details of executive salaries. The US intelligence community quickly concluded that the attack originated in North Korea, a claim vehemently denied by the regime.
One of the reasons suspicion had fallen on the North Korean regime was centred around the release of ‘The Interview’, a comedy produced by Sony and based on an attempted assassination attempt on Kim Jong-un. At the time, North Korean sponsored hackers were said to have made several threats on Sony and US cinemas screening the film.

Ashley Madison breach (2015)

The now infamous Ashley Madison hack was conducted by a group called ‘The Impact Team’. The controversy surrounding the case was as much centred on the target (a dating site for extramarital affairs) as it was the perpetrators. After several threats to release user information was ignored by the company, the hackers released more than 25 gig of information including the names and details of the website’s users.

The site’s policy of not deleting user’s information without taking payment, along with the lack of any email authentication for setting up an account, meant that the data dumps may have included individuals who had never used or even heard of the site. Many internet vigilantes went onto expose individuals, some of whom were nationals of countries like Saudi Arabia, where adultery is punishable by death.

Resources and Further Reading

The UK Government’s Department for Culture, Media and Sport produce an annual Cyber Security Breaches Survey, which gives an up to date summary of the state of cyber security in the UK and is great further reading material.

Wikipedia has one of the best chronologies of computer hacks, viruses and cyberattacks going back to 1903 and is constantly being updated.

For more information about how you can make a difference in cyber security and details of cyber security courses and qualifications, check out our FAQ on the Cyber Security Courses homepage.